Question 7 of 10
Explain how incident severity classification works in a SOC and how severity levels relate to service level agreements. How should an L1 analyst determine the appropriate severity level for an incident?
Sample answer preview
Severity classification is the process of assigning a priority level to a security incident based on its potential impact and urgency. This classification directly drives response timelines, resource allocation, and communication requirements through predefined service level…
severity classification, SLA, critical, high, medium, low